---
title: auth.proto
hide_title: true
---

import { ProtoMessage, ProtoServiceMethod, ProtoEnum } from '@theme/ProtoFile';

# `auth.proto`
_**path** mgmt/v1alpha1/auth.proto_

_**package** mgmt.v1alpha1_



---

## Messages


### `AccessToken`
<ProtoMessage key={0} message={{"name":"AccessToken","longName":"AccessToken","fullName":"mgmt.v1alpha1.AccessToken","description":"A decoded representation of an Access token from the backing auth server","hasExtensions":false,"hasFields":true,"hasOneofs":true,"extensions":[],"fields":[{"name":"access_token","description":"The access token that will be provided in subsequent requests to provide authenticated access to the Api","label":"","type":"string","longType":"string","fullType":"string","ismap":false,"isoneof":false,"oneofdecl":"","defaultValue":""},{"name":"refresh_token","description":"Token that can be used to retrieve a refreshed access token.\nWill not be provided if the offline_access scope is not provided in the initial login flow.","label":"optional","type":"string","longType":"string","fullType":"string","ismap":false,"isoneof":true,"oneofdecl":"_refresh_token","defaultValue":""},{"name":"expires_in","description":"Relative time in seconds that the access token will expire. Combine with the current time to get the expires_at time.","label":"","type":"int64","longType":"int64","fullType":"int64","ismap":false,"isoneof":false,"oneofdecl":"","defaultValue":""},{"name":"scope","description":"The scopes that the access token have","label":"","type":"string","longType":"string","fullType":"string","ismap":false,"isoneof":false,"oneofdecl":"","defaultValue":""},{"name":"id_token","description":"The identity token of the authenticated user","label":"optional","type":"string","longType":"string","fullType":"string","ismap":false,"isoneof":true,"oneofdecl":"_id_token","defaultValue":""},{"name":"token_type","description":"The token type. For JWTs, this will be `Bearer`","label":"","type":"string","longType":"string","fullType":"string","ismap":false,"isoneof":false,"oneofdecl":"","defaultValue":""}]}} />


### `CheckTokenRequest`
<ProtoMessage key={1} message={{"name":"CheckTokenRequest","longName":"CheckTokenRequest","fullName":"mgmt.v1alpha1.CheckTokenRequest","description":"","hasExtensions":false,"hasFields":false,"hasOneofs":false,"extensions":[],"fields":[]}} />


### `CheckTokenResponse`
<ProtoMessage key={2} message={{"name":"CheckTokenResponse","longName":"CheckTokenResponse","fullName":"mgmt.v1alpha1.CheckTokenResponse","description":"","hasExtensions":false,"hasFields":false,"hasOneofs":false,"extensions":[],"fields":[]}} />


### `GetAuthStatusRequest`
<ProtoMessage key={3} message={{"name":"GetAuthStatusRequest","longName":"GetAuthStatusRequest","fullName":"mgmt.v1alpha1.GetAuthStatusRequest","description":"","hasExtensions":false,"hasFields":false,"hasOneofs":false,"extensions":[],"fields":[]}} />


### `GetAuthStatusResponse`
<ProtoMessage key={4} message={{"name":"GetAuthStatusResponse","longName":"GetAuthStatusResponse","fullName":"mgmt.v1alpha1.GetAuthStatusResponse","description":"","hasExtensions":false,"hasFields":true,"hasOneofs":false,"extensions":[],"fields":[{"name":"is_enabled","description":"Whether or not the server has authentication enabled.\nThis tells the client if it is expected to send access tokens.","label":"","type":"bool","longType":"bool","fullType":"bool","ismap":false,"isoneof":false,"oneofdecl":"","defaultValue":""}]}} />


### `GetAuthorizeUrlRequest`
<ProtoMessage key={5} message={{"name":"GetAuthorizeUrlRequest","longName":"GetAuthorizeUrlRequest","fullName":"mgmt.v1alpha1.GetAuthorizeUrlRequest","description":"","hasExtensions":false,"hasFields":true,"hasOneofs":false,"extensions":[],"fields":[{"name":"state","description":"The state that's generated by the client that is passed along to prevent tampering","label":"","type":"string","longType":"string","fullType":"string","ismap":false,"isoneof":false,"oneofdecl":"","defaultValue":""},{"name":"redirect_uri","description":"The redirect uri that the client will be redirected back to during the auth request","label":"","type":"string","longType":"string","fullType":"string","ismap":false,"isoneof":false,"oneofdecl":"","defaultValue":""},{"name":"scope","description":"The scopes the client is requesting as a part of the oauth login request","label":"","type":"string","longType":"string","fullType":"string","ismap":false,"isoneof":false,"oneofdecl":"","defaultValue":""}]}} />


### `GetAuthorizeUrlResponse`
<ProtoMessage key={6} message={{"name":"GetAuthorizeUrlResponse","longName":"GetAuthorizeUrlResponse","fullName":"mgmt.v1alpha1.GetAuthorizeUrlResponse","description":"","hasExtensions":false,"hasFields":true,"hasOneofs":false,"extensions":[],"fields":[{"name":"url","description":"The generated url that is the client will be redirected to during the Oauth flow","label":"","type":"string","longType":"string","fullType":"string","ismap":false,"isoneof":false,"oneofdecl":"","defaultValue":""}]}} />


### `LoginCliRequest`
<ProtoMessage key={7} message={{"name":"LoginCliRequest","longName":"LoginCliRequest","fullName":"mgmt.v1alpha1.LoginCliRequest","description":"","hasExtensions":false,"hasFields":true,"hasOneofs":false,"extensions":[],"fields":[{"name":"code","description":"The oauth code","label":"","type":"string","longType":"string","fullType":"string","ismap":false,"isoneof":false,"oneofdecl":"","defaultValue":""},{"name":"redirect_uri","description":"The oauth redirect uri that the client uses during the oauth request","label":"","type":"string","longType":"string","fullType":"string","ismap":false,"isoneof":false,"oneofdecl":"","defaultValue":""}]}} />


### `LoginCliResponse`
<ProtoMessage key={8} message={{"name":"LoginCliResponse","longName":"LoginCliResponse","fullName":"mgmt.v1alpha1.LoginCliResponse","description":"","hasExtensions":false,"hasFields":true,"hasOneofs":false,"extensions":[],"fields":[{"name":"access_token","description":"The access token that is returned on successful login","label":"","type":"AccessToken","longType":"AccessToken","fullType":"mgmt.v1alpha1.AccessToken","ismap":false,"isoneof":false,"oneofdecl":"","defaultValue":"","typeLink":"/api/mgmt/v1alpha1/auth.proto#accesstoken"}]}} />


### `RefreshCliRequest`
<ProtoMessage key={9} message={{"name":"RefreshCliRequest","longName":"RefreshCliRequest","fullName":"mgmt.v1alpha1.RefreshCliRequest","description":"","hasExtensions":false,"hasFields":true,"hasOneofs":false,"extensions":[],"fields":[{"name":"refresh_token","description":"The token used to retrieve a new access token.","label":"","type":"string","longType":"string","fullType":"string","ismap":false,"isoneof":false,"oneofdecl":"","defaultValue":""}]}} />


### `RefreshCliResponse`
<ProtoMessage key={10} message={{"name":"RefreshCliResponse","longName":"RefreshCliResponse","fullName":"mgmt.v1alpha1.RefreshCliResponse","description":"","hasExtensions":false,"hasFields":true,"hasOneofs":false,"extensions":[],"fields":[{"name":"access_token","description":"The access token that is returned on successful refresh","label":"","type":"AccessToken","longType":"AccessToken","fullType":"mgmt.v1alpha1.AccessToken","ismap":false,"isoneof":false,"oneofdecl":"","defaultValue":"","typeLink":"/api/mgmt/v1alpha1/auth.proto#accesstoken"}]}} />

---
## Services


### `AuthService`

Service that handles generic Authentication for Neosync
Today this is mostly used by the CLI to receive authentication information


#### `LoginCli`
<ProtoServiceMethod key={'LoginCli-0'} method={{"name":"LoginCli","description":"Used by the CLI to login to Neosync with OAuth.","requestType":"LoginCliRequest","requestLongType":"LoginCliRequest","requestFullType":"mgmt.v1alpha1.LoginCliRequest","requestStreaming":false,"responseType":"LoginCliResponse","responseLongType":"LoginCliResponse","responseFullType":"mgmt.v1alpha1.LoginCliResponse","responseStreaming":false,"requestTypeLink":"/api/mgmt/v1alpha1/auth.proto#loginclirequest","responseTypeLink":"/api/mgmt/v1alpha1/auth.proto#logincliresponse"}} />


#### `RefreshCli`
<ProtoServiceMethod key={'RefreshCli-1'} method={{"name":"RefreshCli","description":"Used by the CLI to refresh an expired Neosync accesss token.\nThis should only be used if an access token was previously retrieved from the `LoginCli` or `RefreshCli` methods.","requestType":"RefreshCliRequest","requestLongType":"RefreshCliRequest","requestFullType":"mgmt.v1alpha1.RefreshCliRequest","requestStreaming":false,"responseType":"RefreshCliResponse","responseLongType":"RefreshCliResponse","responseFullType":"mgmt.v1alpha1.RefreshCliResponse","responseStreaming":false,"requestTypeLink":"/api/mgmt/v1alpha1/auth.proto#refreshclirequest","responseTypeLink":"/api/mgmt/v1alpha1/auth.proto#refreshcliresponse"}} />


#### `CheckToken`
<ProtoServiceMethod key={'CheckToken-2'} method={{"name":"CheckToken","description":"Empty endpoint to simply check if the provided access token is valid","requestType":"CheckTokenRequest","requestLongType":"CheckTokenRequest","requestFullType":"mgmt.v1alpha1.CheckTokenRequest","requestStreaming":false,"responseType":"CheckTokenResponse","responseLongType":"CheckTokenResponse","responseFullType":"mgmt.v1alpha1.CheckTokenResponse","responseStreaming":false,"requestTypeLink":"/api/mgmt/v1alpha1/auth.proto#checktokenrequest","responseTypeLink":"/api/mgmt/v1alpha1/auth.proto#checktokenresponse"}} />


#### `GetAuthorizeUrl`
<ProtoServiceMethod key={'GetAuthorizeUrl-3'} method={{"name":"GetAuthorizeUrl","description":"Used by the CLI to retrieve an Authorize URL for use with OAuth login.","requestType":"GetAuthorizeUrlRequest","requestLongType":"GetAuthorizeUrlRequest","requestFullType":"mgmt.v1alpha1.GetAuthorizeUrlRequest","requestStreaming":false,"responseType":"GetAuthorizeUrlResponse","responseLongType":"GetAuthorizeUrlResponse","responseFullType":"mgmt.v1alpha1.GetAuthorizeUrlResponse","responseStreaming":false,"options":{"idempotency_level":"NO_SIDE_EFFECTS"},"requestTypeLink":"/api/mgmt/v1alpha1/auth.proto#getauthorizeurlrequest","responseTypeLink":"/api/mgmt/v1alpha1/auth.proto#getauthorizeurlresponse"}} />


#### `GetAuthStatus`
<ProtoServiceMethod key={'GetAuthStatus-4'} method={{"name":"GetAuthStatus","description":"Returns the auth status of the API server. Whether or not the backend has authentication enabled.\nThis is used by clients to make decisions on whether or not they should send access tokens to the API.","requestType":"GetAuthStatusRequest","requestLongType":"GetAuthStatusRequest","requestFullType":"mgmt.v1alpha1.GetAuthStatusRequest","requestStreaming":false,"responseType":"GetAuthStatusResponse","responseLongType":"GetAuthStatusResponse","responseFullType":"mgmt.v1alpha1.GetAuthStatusResponse","responseStreaming":false,"options":{"idempotency_level":"NO_SIDE_EFFECTS"},"requestTypeLink":"/api/mgmt/v1alpha1/auth.proto#getauthstatusrequest","responseTypeLink":"/api/mgmt/v1alpha1/auth.proto#getauthstatusresponse"}} />


---


  